Ransomware. Disables the compromised computer or restricts access to certain data so that the victim can no longer use it. The victim is expected to send payment to the hijacker to restore access to the blocked data or re-enable the system.

Payload

No specific payload has been found.

Process activity

The Ransomware creates the following process(es):

The Ransomware injects its code into the following process(es):

regsvr32.exe:1956
rundll32.exe:1544
rundll32.exe:3688

File activity

The process regsvr32.exe:1956 makes changes in the file system.

The Ransomware creates and/or writes to the following file(s):